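<?php

// Admin page: loads one non-administrator user by the "id" query parameter and
// renders the matching edit form(s). Access is limited to an authenticated
// administrator held in $_SESSION['user'].
//
// NOTE(review): this page relies on the mysql_* extension, which was removed in
// PHP 7.0; migrating the queries below to mysqli/PDO prepared statements is the
// long-term fix. The changes here keep the same API but close the concrete
// holes (no exit after redirects, unquoted escaped id in SQL, unchecked results).

// Include the different user types so we can filter out unauthorized users
include("include/dbUserTypes.php");

// Include our user class
include_once("include/user.php");

// The authenticated user object, or null until the session has been checked.
// NOTE(review): $_SESSION is read below, so session_start() is assumed to have
// run in whichever file includes this one — confirm.
$user = null;

// Check if we're in a valid session. If not, go back to main login page.
// empty() also rejects a stored empty string, which isset() alone accepts.
// exit after the redirect: without it the script kept running and called
// getUserType() on a null $user.
if (empty($_SESSION['user'])) {
    header("location:main_login.php");
    exit;
}

// Unserialize our user to turn it back into a useful object.
// NOTE(review): session storage is server-side, but unserialize() instantiates
// whatever class the payload names; keep include/user.php free of magic methods
// with side effects and restrict allowed_classes once the PHP version allows it.
$user = unserialize($_SESSION['user']);

// If we're not an admin go back to the user redirection page.
// A failed unserialize() returns false and is treated the same as "not admin".
// Loose comparison is kept on purpose: the stored type may be a string from the
// DB while $USERTYPE_ADMIN may be an int — confirm against dbUserTypes.php.
if ($user === false || $user->getUserType() != $USERTYPE_ADMIN) {
    header("location:login_success.php");
    exit;
}

// Connect to our database
include("include/dbconnection.php");

// The ID is interpolated unquoted into SQL below, so escaping it is not enough:
// validate it as an integer instead. A missing or non-integer id is treated
// like an unknown user and sent back to the manage users page.
$editUserID = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
if ($editUserID === false) {
    header("location:admin_manageUsers.php");
    mysql_close();
    exit;
}

// Select the user with the ID above, as long as it's not an administrator
$db_query = "SELECT 
u.$TABLE_USERS_USERID, u.$TABLE_USERS_USERTYPE, t.$TABLE_USERTYPE_USERDESCRIPTION, 
u.$TABLE_USERS_USERNAME, u.$TABLE_USERS_ENTRYDATE, u.$TABLE_USERS_LASTCONNECTED, 
u.$TABLE_USERS_EMAILADDRESS 
FROM $TABLE_USERS u 
LEFT JOIN $TABLE_USERTYPE t ON u.$TABLE_USERS_USERTYPE = t.$TABLE_USERTYPE_USERTYPE 
WHERE u.$TABLE_USERS_USERID = $editUserID AND u.$TABLE_USERS_USERTYPE != $TABLE_USERTYPE_TYPEADMIN";

// Get the results of the query
$resultSet = mysql_query($db_query);

// If the query failed or matched nobody, go back to the manage users page.
// mysql_query() returns false on error; mysql_num_rows(false) would only warn.
if ($resultSet === false || mysql_num_rows($resultSet) == 0) {
    header("location:admin_manageUsers.php");
    mysql_close();
    exit;
}

// Show the user modification form
$row = mysql_fetch_array($resultSet);

// Set the user ID, user type and username as session variables.
// This way we know that it was obtained from the DB and they're safe to use
$_SESSION['userIdToModify'] = $row[$TABLE_USERS_USERID];
$_SESSION['userType'] = $row[$TABLE_USERS_USERTYPE];
$_SESSION['userName'] = $row[$TABLE_USERS_USERNAME];

// Show the basic editing form (the included file reads $row — keep that name)
include("include/admin/editUserForm.php");

// Type-specific details: each branch reassigns $row for its own form, which is
// safe because the if/else-if chain has already chosen a branch by then.
if ($row[$TABLE_USERS_USERTYPE] == $TABLE_USERTYPE_TYPEREGISTERED) {
    // Create the registered user query
    $regUser_query = "SELECT 
    $TABLE_REGISTEREDUSER_USERID, $TABLE_REGISTEREDUSER_NAME, $TABLE_REGISTEREDUSER_ADDRESS, 
    $TABLE_REGISTEREDUSER_PHONELAND, $TABLE_REGISTEREDUSER_PHONECELL, 
    $TABLE_REGISTEREDUSER_OCCUPATION, $TABLE_REGISTEREDUSER_EMPLOYER, 
    $TABLE_REGISTEREDUSER_EMPLOYERADDRESS, $TABLE_REGISTEREDUSER_BLACKMARK
    FROM $TABLE_REGISTEREDUSER WHERE $TABLE_REGISTEREDUSER_USERID = $editUserID";

    // Get the results of the registered user query
    $resultSet = mysql_query($regUser_query);

    // A failed query yields false here, exactly as an empty result would,
    // without the warning mysql_fetch_array(false) emits.
    $row = ($resultSet !== false) ? mysql_fetch_array($resultSet) : false;

    // Include the specific regular user form
    include("include/admin/editRegUserForm.php");
} elseif ($row[$TABLE_USERS_USERTYPE] == $TABLE_USERTYPE_TYPEBUSINESS) {
    // Create the business user query
    $businessUser_query = "SELECT 
    $TABLE_BUSINESSAGENT_COMPANYNAME, 
    $TABLE_BUSINESSAGENT_BUSINESSCHARTER, $TABLE_BUSINESSAGENT_CONTACTNAME,
    $TABLE_BUSINESSAGENT_CONTACTPHONELAND, $TABLE_BUSINESSAGENT_CONTACTPHONEMOBILE, 
    $TABLE_BUSINESSAGENT_CONTACTPHONEFAX, $TABLE_BUSINESSAGENT_CONTACTPOSITION, 
    $TABLE_BUSINESSAGENT_CONTACTEMAIL, $TABLE_BUSINESSAGENT_COMPANYADDRESS, 
    $TABLE_BUSINESSAGENT_COMPANYCITY, $TABLE_BUSINESSAGENT_COMPANYSTATE, 
    $TABLE_BUSINESSAGENT_COMPANYPOSTALCODE, $TABLE_BUSINESSAGENT_COMPANYCOUNTRY, 
    $TABLE_BUSINESSAGENT_COMPANYEMAIL, $TABLE_BUSINESSAGENT_PREFERREDINDUSTRY 
    FROM $TABLE_BUSINESSAGENT WHERE $TABLE_BUSINESSAGENT_USERID = $editUserID";

    // Get the results of the business user query
    $resultSet = mysql_query($businessUser_query);

    // Same false-on-failure handling as the registered user branch
    $row = ($resultSet !== false) ? mysql_fetch_array($resultSet) : false;

    // Include the specific business user form
    include("include/admin/editBusinessUserForm.php");
} elseif ($row[$TABLE_USERS_USERTYPE] == $TABLE_USERTYPE_TYPEFINANCIAL) {
    // Create the financial user query
    $financialUser_query = "SELECT 
    $TABLE_FINANCIALUSER_NAME, $TABLE_FINANCIALUSER_ADDRESS,
    $TABLE_FINANCIALUSER_PHONELAND, $TABLE_FINANCIALUSER_PHONECELL,
    $TABLE_FINANCIALUSER_OCCUPATION, $TABLE_FINANCIALUSER_EMPLOYER,
    $TABLE_FINANCIALUSER_EMPLOYERADDRESS, $TABLE_FINANCIALUSER_CREDITCARDNUM,
    $TABLE_FINANCIALUSER_CREDITCARDCODE, $TABLE_FINANCIALUSER_PASSWORDQUESTION,
    $TABLE_FINANCIALUSER_BLACKMARK
    FROM $TABLE_FINANCIALUSER WHERE $TABLE_FINANCIALUSER_USERID = $editUserID";

    // Get the results of the financial user query
    $resultSet = mysql_query($financialUser_query);

    // Same false-on-failure handling as the registered user branch
    $row = ($resultSet !== false) ? mysql_fetch_array($resultSet) : false;

    // Include the user form (like the registered user one)
    include("include/admin/editRegUserForm.php");
}

// Close the update form
include("include/admin/editUserFormClose.php");

// Close the connection
mysql_close();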


